refactor: convert puppetserver compilers to deployment with configmap integration (#57)
- Convert StatefulSet to Deployment for better scaling flexibility
- Add initContainer to copy configmaps to shared RWX volume (10GB)
- Integrate puppetserver-compiler-config configmap for environment variables
- Configure configMapGenerator with stable names (disableNameSuffixHash)
- Update HPA to target Deployment instead of StatefulSet
- Simplify puppetboard SSL config to skip verification for internal connections

Reviewed-on: #57
This commit was merged in pull request #57.
@@ -12,9 +12,7 @@ metadata:
|
||||
data:
|
||||
PUPPETDB_HOST: "puppetdb"
|
||||
PUPPETDB_PORT: "8081"
|
||||
PUPPETDB_SSL_VERIFY: "/opt/puppetboard/ssl/ca.pem"
|
||||
PUPPETDB_KEY: "/opt/puppetboard/ssl/puppetboard.key"
|
||||
PUPPETDB_CERT: "/opt/puppetboard/ssl/puppetboard.pem"
|
||||
PUPPETDB_SSL_SKIP_VERIFY: "True"
|
||||
LOGLEVEL: "debug"
|
||||
PUPPETDB_TIMEOUT: "20"
|
||||
UNRESPONSIVE_HOURS: "3"
|
||||
|
||||
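Review bot: `PUPPETDB_SSL_SKIP_VERIFY: "True"` turns off server-certificate validation for puppetboard's PuppetDB connection, so the client certificate and key are still presented but the peer is no longer authenticated; the `PUPPETDB_SSL_VERIFY` entry pointing at `/opt/puppetboard/ssl/ca.pem` is the setting to keep if the PuppetDB certificate covers the `puppetdb` service name. If a hostname mismatch is the reason for skipping, adding the in-cluster name to the PuppetDB certificate's SANs fixes it without disabling verification. At minimum I would record the decision in the ConfigMap: `# TODO: restore CA verification (PUPPETDB_SSL_VERIFY) once the PuppetDB cert covers the in-cluster name`. Which of these lines are removed versus kept is not marked on this rendering, so the intent is read from the commit message.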
+50
-30
@@ -1,5 +1,5 @@
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
kind: Deployment
|
||||
metadata:
|
||||
annotations:
|
||||
reloader.stakater.com/auto: "true"
|
||||
@@ -11,12 +11,10 @@ metadata:
|
||||
name: puppetserver-compiler
|
||||
namespace: puppet
|
||||
spec:
|
||||
podManagementPolicy: OrderedReady
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/component: puppetserver-compilers
|
||||
app.kubernetes.io/name: puppetserver
|
||||
serviceName: puppet-headless
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
@@ -41,26 +39,14 @@ spec:
|
||||
ports:
|
||||
- containerPort: 8140
|
||||
name: puppetserver
|
||||
envFrom: null
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: puppetserver-compiler-config
|
||||
env:
|
||||
- name: OPENVOXSERVER_HOSTNAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: OPENVOXSERVER_PORT
|
||||
value: "8140"
|
||||
- name: DNS_ALT_NAMES
|
||||
value: puppetserver-compiler-0,puppetserver-compiler-1,puppetserver-compiler-2,puppetserver-compiler-3,puppetserver-compiler-4,puppet-headless,puppet,puppet.k8s.syd1.au.unkin.net
|
||||
- name: OPENVOXDB_SERVER_URLS
|
||||
value: https://puppetdb:8081
|
||||
- name: CA_ENABLED
|
||||
value: "false"
|
||||
- name: CA_HOSTNAME
|
||||
value: puppetca
|
||||
- name: CA_PORT
|
||||
value: "8140"
|
||||
- name: PUPPETSERVER_JAVA_ARGS
|
||||
value: -Xms1024m -Xmx3072m -Dcom.sun.management.jmxremote.port=31000 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
periodSeconds: 30
|
||||
@@ -109,6 +95,36 @@ spec:
|
||||
name: eyaml-keys
|
||||
readOnly: true
|
||||
initContainers:
|
||||
- name: copy-configmaps
|
||||
image: busybox:1.35
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
args:
|
||||
- |
|
||||
echo "Copying configmap files to shared volume..."
|
||||
mkdir -p /etc/puppetlabs/puppet
|
||||
cp /configmaps/puppet.conf /etc/puppetlabs/puppet/puppet.conf
|
||||
cp /configmaps/puppetdb.conf /etc/puppetlabs/puppet/puppetdb.conf
|
||||
cp /configmaps/autosign.conf /etc/puppetlabs/puppet/autosign.conf
|
||||
cp /configmaps/cobbler-enc /etc/puppetlabs/puppet/cobbler-enc
|
||||
chmod +x /etc/puppetlabs/puppet/cobbler-enc
|
||||
echo "Configmap files copied successfully"
|
||||
volumeMounts:
|
||||
- mountPath: /etc/puppetlabs/puppet/
|
||||
name: puppet-puppet-volume
|
||||
- mountPath: /configmaps/puppet.conf
|
||||
name: compiler-puppet-conf
|
||||
subPath: puppet.conf
|
||||
- mountPath: /configmaps/puppetdb.conf
|
||||
name: compiler-puppetdb-conf
|
||||
subPath: puppetdb.conf
|
||||
- mountPath: /configmaps/autosign.conf
|
||||
name: compiler-autosign-conf
|
||||
subPath: autosign.conf
|
||||
- mountPath: /configmaps/cobbler-enc
|
||||
name: puppet-cobbler-enc
|
||||
subPath: cobbler-enc
|
||||
- args:
|
||||
- mkdir -p /etc/puppetlabs/puppet/eyaml/keys;
|
||||
mkdir -p /etc/puppetlabs/code/environments;
|
||||
@@ -165,20 +181,24 @@ spec:
|
||||
- name: puppet-code-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: puppetserver-code-shared
|
||||
- name: puppet-puppet-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: puppetserver-compiler-config-shared
|
||||
- name: eyaml-keys
|
||||
secret:
|
||||
secretName: eyaml-keys
|
||||
defaultMode: 0600
|
||||
updateStrategy:
|
||||
- name: compiler-puppet-conf
|
||||
configMap:
|
||||
name: compiler-puppet.conf
|
||||
- name: compiler-puppetdb-conf
|
||||
configMap:
|
||||
name: compiler-puppetdb.conf
|
||||
- name: compiler-autosign-conf
|
||||
configMap:
|
||||
name: compiler-autosign.conf
|
||||
- name: puppet-cobbler-enc
|
||||
configMap:
|
||||
name: puppet-cobbler-enc
|
||||
strategy:
|
||||
type: RollingUpdate
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
annotations: null
|
||||
name: puppet-puppet-volume
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
storageClassName: cephrbd-fast-delete
|
||||
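Review bot: The `copy-configmaps` init script runs under plain `sh -c` without `set -e`, so a failed `cp` or `chmod` still prints "Configmap files copied successfully" and lets the main container start with a missing or stale `puppet.conf`/`cobbler-enc`; add `set -eu` as the first line of the block scalar under `args`. Because this is now a Deployment scaled 2–5 by the HPA, every replica's init container rewrites the same files on the one RWX volume mounted at `/etc/puppetlabs/puppet/`, which is idempotent for identical content but makes a rollout of a changed ConfigMap racy while old and new pods coexist. If the server's `ssldir` still defaults to a path under `/etc/puppetlabs/puppet/`, each pod's private key also lands on that shared volume and is readable by every replica — worth confirming against the image and, if so, giving `ssldir` a per-pod volume. The retained `OPENVOXSERVER_HOSTNAME` from `metadata.name` now yields a hashed Deployment pod name rather than the ordinal names the removed `DNS_ALT_NAMES` listed, so each new pod presumably requests a certificate under a fresh name; the rest of the container spec is outside these hunks.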
@@ -11,7 +11,7 @@ metadata:
|
||||
spec:
|
||||
scaleTargetRef:
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
kind: Deployment
|
||||
name: puppetserver-compiler
|
||||
minReplicas: 2
|
||||
maxReplicas: 5
|
||||
|
||||
@@ -31,4 +31,26 @@ resources:
|
||||
- service_puppetca.yaml
|
||||
- service_puppetboard.yaml
|
||||
- service_puppetdb.yaml
|
||||
- statefulset_puppetserver-compiler.yaml
|
||||
- deployment_puppetserver-compiler.yaml
|
||||
|
||||
configMapGenerator:
|
||||
- name: compiler-autosign.conf
|
||||
files:
|
||||
- resources/compiler/autosign.conf
|
||||
options:
|
||||
disableNameSuffixHash: true
|
||||
- name: compiler-puppet.conf
|
||||
files:
|
||||
- resources/compiler/puppet.conf
|
||||
options:
|
||||
disableNameSuffixHash: true
|
||||
- name: compiler-puppetdb.conf
|
||||
files:
|
||||
- resources/compiler/puppetdb.conf
|
||||
options:
|
||||
disableNameSuffixHash: true
|
||||
- name: puppet-cobbler-enc
|
||||
files:
|
||||
- resources/cobbler-enc
|
||||
options:
|
||||
disableNameSuffixHash: true
|
||||
|
||||
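Review bot: With `disableNameSuffixHash: true` on all four generators a changed file no longer produces a new ConfigMap name, so Kustomize will not roll the Deployment when `puppet.conf`, `autosign.conf` or `cobbler-enc` change; since the init container copies these only at pod start, a live update depends entirely on the `reloader.stakater.com/auto` annotation noticing ConfigMaps that are referenced only through init-container volumes — confirm that before relying on it. A comment above `configMapGenerator:` would save the next reader the investigation: `# stable names (no hash suffix): the compiler Deployment mounts these by fixed name; restart-on-change relies on reloader`.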
@@ -106,3 +106,21 @@ spec:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
storageClassName: cephfs-raid6-delete
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/component: puppetserver-compilers
|
||||
app.kubernetes.io/instance: puppetserver
|
||||
app.kubernetes.io/name: puppetserver
|
||||
app.kubernetes.io/version: 8.8.0
|
||||
name: puppetserver-compiler-config-shared
|
||||
namespace: puppet
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
|
||||
storageClassName: cephfs-raid6-delete
|
||||
|
||||
Executable
+50
@@ -0,0 +1,50 @@
|
||||
#!/usr/bin/env -S uv run --quiet --script
|
||||
# /// script
|
||||
# requires-python = ">=3.11"
|
||||
# dependencies = ['pyyaml','requests']
|
||||
# ///
|
||||
"""
|
||||
External Node Classifier (ENC) for Puppet.
|
||||
|
||||
If the environment specified in the YAML file is 'testing',
|
||||
the environment is not included in the output.
|
||||
"""
|
||||
|
||||
import sys
|
||||
import yaml
|
||||
import requests
|
||||
|
||||
def fetch_enc_data(cobbler_url: str, hostname: str) -> str:
|
||||
"""
|
||||
Fetches and modifies ENC data from a given URL to ensure classes are in list format.
|
||||
"""
|
||||
url = f"{cobbler_url}/cblr/svc/op/puppet/hostname/{hostname}"
|
||||
try:
|
||||
response = requests.get(url, verify='/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem')
|
||||
response.raise_for_status()
|
||||
except requests.RequestException as e:
|
||||
sys.exit(f"Request failed: {e}")
|
||||
|
||||
data = yaml.safe_load(response.text)
|
||||
data["parameters"] = data.get("parameters", {})
|
||||
|
||||
# Ensure 'classes' is in the desired list format
|
||||
if "classes" in data:
|
||||
if isinstance(data["classes"], dict):
|
||||
data["parameters"]["enc_role"] = list(data["classes"].keys())
|
||||
data["classes"] = list(data["classes"].keys())
|
||||
else:
|
||||
data["parameters"]["enc_role"] = list(data["classes"])
|
||||
data["classes"] = list(data["classes"])
|
||||
|
||||
if "environment" in data:
|
||||
data["parameters"]["enc_env"] = data["environment"]
|
||||
if data["environment"] == "testing":
|
||||
del data["environment"]
|
||||
|
||||
return yaml.dump(data)
|
||||
|
||||
if __name__ == "__main__":
|
||||
if len(sys.argv) != 2:
|
||||
sys.exit(f"Usage: {sys.argv[0]} <hostname>")
|
||||
print(fetch_enc_data("https://cobbler.main.unkin.net", sys.argv[1]))
|
||||
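Review bot: `hostname` comes straight from `sys.argv[1]` (the node name Puppet hands to the `external_nodes` script) and is interpolated into the URL path unescaped, so a name containing `/`, `?` or `#` changes which Cobbler endpoint is queried; encode it with `from urllib.parse import quote` and `url = f"{cobbler_url}/cblr/svc/op/puppet/hostname/{quote(hostname, safe='')}"`. `yaml.safe_load(response.text)` returns `None` for an empty body and a scalar for a non-mapping one, after which `data.get("parameters", {})` raises `AttributeError` instead of a clear ENC failure; guard with `if not isinstance(data, dict): sys.exit(f"Unexpected ENC payload for {hostname}")`. Pinning `verify=` to the CA bundle rather than disabling verification is the right call here; note that the `uv run` shebang presumably requires `uv` on the puppetserver image's PATH for `external_nodes` to execute this at all.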
@@ -0,0 +1,15 @@
|
||||
# Autosign all nodes from these subnets
|
||||
198.18.13.0/24
|
||||
198.18.14.0/24
|
||||
198.18.15.0/24
|
||||
198.18.16.0/24
|
||||
198.18.17.0/24
|
||||
198.18.20.0/24
|
||||
198.18.24.0/24
|
||||
198.18.25.0/24
|
||||
198.18.26.0/24
|
||||
198.18.27.0/24
|
||||
198.18.28.0/24
|
||||
198.18.29.0/24
|
||||
# Autosign all nodes from these domains
|
||||
*.main.unkin.net
|
||||
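Review bot: As far as I know Puppet's basic `autosign.conf` matches certnames and domain-name globs only — a CSR carries no IP address — so the twelve `198.18.x.0/24` entries never match anything and only `*.main.unkin.net` is doing work; verify against the documentation for this server version, and if subnet-based signing is the intent it needs policy-based autosigning (an executable `autosign` setting in puppet.conf) instead. The remaining wildcard means any CSR whose certname ends in `.main.unkin.net` is signed without further checks, which is the trust boundary for every catalog this server compiles; if it stays, say so in the file: `# NOTE: wildcard autosign — any CSR presenting a *.main.unkin.net certname is signed; see policy-based autosign for stricter checks`.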
@@ -0,0 +1,23 @@
|
||||
[main]
|
||||
server = puppetserver-compiler
|
||||
serverport = 8140
|
||||
dns_alt_names = puppetserver-compiler,puppet-headless,puppet,puppet.k8s.syd1.au.unkin.net
|
||||
|
||||
[server]
|
||||
vardir = /opt/puppetlabs/server/data/puppetserver
|
||||
logdir = /var/log/puppetlabs/puppetserver
|
||||
rundir = /var/run/puppetlabs/puppetserver
|
||||
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
|
||||
codedir = /etc/puppetlabs/code
|
||||
environmentpath = /etc/puppetlabs/code/environments
|
||||
|
||||
[master]
|
||||
node_terminus = exec
|
||||
external_nodes = /usr/local/bin/cobbler-enc
|
||||
autosign = /etc/puppetlabs/puppet/autosign.conf
|
||||
default_manifest = /etc/puppetlabs/code/environments/develop/manifests
|
||||
default_environment = develop
|
||||
storeconfigs = true
|
||||
storeconfigs_backend = puppetdb
|
||||
reports = puppetdb
|
||||
usecacheonfailure = false
|
||||
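Review bot: The new server-side settings (`node_terminus`, `external_nodes`, `autosign`, `storeconfigs`, `reports`, …) sit under a `[master]` section while the file already has a `[server]` section; on Puppet 6 and later `[master]` is the deprecated alias for `[server]`, and given the `app.kubernetes.io/version: 8.8.0` label elsewhere in this commit I would move them into `[server]` and drop `[master]` rather than trust that the alias is still honoured by this build. `usecacheonfailure` is an agent-side setting and has no effect in a server section, so it can be dropped or moved to `[agent]`. `default_manifest` pointing at the `develop` environment's manifests is a behaviour-affecting default that deserves a one-line comment on why it was chosen.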
@@ -0,0 +1,3 @@
|
||||
[main]
|
||||
server_urls = https://puppetdb.k8s.syd1.au.unkin.net
|
||||
soft_write_failure = true
|
||||
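Review bot: `server_urls = https://puppetdb.k8s.syd1.au.unkin.net` sends the compilers' PuppetDB traffic to the external name, whereas the puppetboard ConfigMap and the removed `OPENVOXDB_SERVER_URLS` in this same commit use the in-cluster `https://puppetdb:8081`; if the external name resolves through an ingress, the traffic leaves the service network and the presented certificate must be one the compiler trusts (the puppetdb terminus validates with the Puppet CA by default, not the system bundle), so this is worth confirming or aligning with `https://puppetdb:8081`. `soft_write_failure = true` makes failed fact/catalog/report writes non-fatal and only logged, so a PuppetDB outage is invisible to agents and PuppetDB-backed consumers silently go stale; a comment stating the trade-off would help: `# soft_write_failure: agents still get catalogs when PuppetDB is down; alert on write failures in puppetserver logs`.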